Database Develop

Android and Privacy

Has anyone in their rom building and reverse engineering ever found anything Big Brotherish in the code? Keyloggers and hidden processes that phone home
your location come to mind.

When you set up the phone there is a question about sharing your location with google

jsapp said:
When you set up the phone there is a question about sharing your location with google
Click to expand...
Click to collapse
But that is upfront, I'm asking about hidden processes. One that would crop up after you say no.

I'm sure Google wouldn't stick a keylogger or hidden process for the fun of it in a fresh build of the OS. I doubt it, like if you choose "No" it will tell the OS not to send location data to google.

Coburn64 said:
I'm sure Google wouldn't stick a keylogger or hidden process for the fun of it in a fresh build of the OS. I doubt it, like if you choose "No" it will tell the OS not to send location data to google.
Click to expand...
Click to collapse
Yes, but what about HTC? T-Mobile? No offense but have you actually dug around the code? I don't know much about code besides web but I wouldn't put it past a company to do something like that.
ATT already got busted for helping DHS spy on citizens. I'm not paranoid, just curious.

Danny double post. Srry

thedroid said:
Yes, but what about HTC? T-Mobile? No offense but have you actually dug around the code? I don't know much about code besides web but I wouldn't put it past a company to do something like that.
ATT already got busted for helping DHS spy on citizens. I'm not paranoid, just curious.
Click to expand...
Click to collapse
I am wondering also now that u guys bring this up. Maybe someone could ask the devs. I faintly remebering a dev saying "got rid of shady HTC log apk". I think it might of been cyanogen but I'm not 100% on that. So if I gave credit to the wrong dev feel free to correct me.

Well it wouldn't be incredibly smart to put in something like that, and then make it open source.

jsapp said:
Well it wouldn't be incredibly smart to put in something like that, and then make it open source.
Click to expand...
Click to collapse
HTC's code is technically closed source AFAIK.

jsapp said:
Well it wouldn't be incredibly smart to put in something like that, and then make it open source.
Click to expand...
Click to collapse
This is the biggest reason I love open source. The more people with the code the better.
thedroid said:
I'm not paranoid, just curious.
Click to expand...
Click to collapse
Im curious too, and paranoid
I just assume the governments watching me all the time, and I make sure to give them something to talk about.

thedroid said:
ATT already got busted for helping DHS spy on citizens. I'm not paranoid, just curious.
Click to expand...
Click to collapse
Why would a telecom company put spying code on the mobile? It would be so much easier to just snoop on their server end, where there's little possibility you could discover such an intrusion.

Thoughts and responses appreciated
Privacy policy from Google suggest private user information IS sent to Google*. I am moving from HTCs WM devices to the G1 and I'm getting quite concerned about things of this nature. I can see that a user has the option to share or withold some information but not sure if there are options to withhold ALL personal details (location, contacts etc). Are there any options or methods that COMPLETELY stop ANY information being sent to Google or any other party? (Device config options, ROMs etc???)
I am new to Android and still learning so any help would be appreciated. (also posting in a hurry!)
Thanks
*G1-specific information we collect
* In order to set up your device, we ask you to sign-in with your Google Account (if you already have one) or create a new, free Google Account. Your Google Account information is stored by Google. If you change your device, you will have to associate the new device with your Google Account before we can authenticate you.
* Each device is assigned one or more unique identification numbers. These identification numbers are associated with your Google Account and the IMEI number, mobile country code, and mobile network code of your device (which is also stored by your wireless operator), and allow your device to sync your Google email, contacts, and other Google services.
* In order to continually improve our services and provide a better user experience, we collect some basic usage statistics from your device. Information such as the hardware model of your device and the version of the Android software you are running is collected but not stored in association with your Google Account. In addition, we collect some information on device-level events such as crashes that is associated with your Google Account temporarily in order to provide customer service. Neither of these categories of usage statistics contains application-level information such as the content of emails or phone call records.
* Certain applications or features of your G1 device may cause other information to be sent to Google but in a fashion that cannot be identified with you personally.
* Your device may send us location information (for example, Cell ID or GPS information) that is not associated with your Account.
* Using some applications or features may send information to Google that is stored with your Google Account. If you use standard Google services on your G1 device, for example by creating new contacts or Calendar events, then this information will be associated with your Google Account and stored consistent with the privacy policies for those services. Likewise, if you use the Android Market, information about your downloads, comments, and ratings will be stored with and accessible through your Google Account. You have the option to disable or not use these features, in which case Google will not receive this data.
* Certain of our products and services allow you to personalize the content you receive from us. For these products and services, we will store your preferences and the information you provide for customization. These preferences may be associated with your Google Account or elsewhere with Google, as explained in the Privacy Policies for those products.

Yes in settings and during setup it asks you if you want info to be sent...However you should know that microsofts has the win update which sends info about your pc. You shouldnt be concerned though...Contacts/emails/calender is sent/stored on servers.

Ace42 said:
Yes in settings and during setup it asks you if you want info to be sent...However you should know that microsofts has the win update which sends info about your pc. You shouldnt be concerned though...Contacts/emails/calender is sent/stored on servers.
Click to expand...
Click to collapse
I was curious to know if all the data collection methods could be switched off reliably. Thanks for the quick response Ace

ThinkFree Office

What's the scoop with this software?
Whenever I start it, it asks me to click 'Activate Now' to activate the software on my device. Or it allows me to do it 'later'.
What is involved with activating it?
You must do it online.
What is required exactly (what info is given) and what do you get for it?
Is it necessary?
Can you start the app without the nag to activate?
TIA

yes' it's completely free, they just want you to "Register" the software by "Activating" it
takes your whole identity stored in the phone and sends it to their servers as usual
yes you as signing our life away, but heck it's free might as well
if you are super paranoid about giving out your phone # and email address and whatever else they can pull from the phone, then you better not use it.

AllGamer said:
takes your whole identity stored in the phone and sends it to their servers as usual
yes you as signing our life away, but heck it's free might as well
if you are super paranoid about giving out your phone # and email address and whatever else they can pull from the phone, then you better not use it.
Click to expand...
Click to collapse
Well I'd rather not register it if I don't have to.
Is there a way to bypass that nag screen at startup?
Can you somehow register without giving out your phone number and e-mail addresses?
TIA

nope,
it wont let you continue if you don't do it

AllGamer said:
nope,
it wont let you continue if you don't do it
Click to expand...
Click to collapse
OK, can you give me a heads up on the registration process?
When your phone goes online to register do you go to their website?
Do they ask you to enter tel/e-mail or do they pull that info automatically from your phone?
TIA

bingo! choice # 3

AllGamer said:
takes your whole identity stored in the phone and sends it to their servers as usual
yes you as signing our life away, but heck it's free might as well
Click to expand...
Click to collapse
AllGamer, just a couple more questions about this.
How long ago did you register your ThinkFree and have you received any e-mails or SMS messages from the company since then?
TIA

[APP] SyncSMS - Synchronize text messages between tablet and phone

SyncSMS lets you sync your text messages between your Android phone and tablet. SyncSMS lets you sync your text messages between your Android 2.1+ phone and 3G or WiFi-only Android 2.1+ tablet. This app lets you receive text messages on your tablet which have been received by or sent from your phone. Also, this app lets you compose text messages on your tablet which will be copied to your phone and sent out by your phone. You will need to sign up for a free Dropbox account, if you don't already have one, in order to temporarily store the messages between syncs.
Please rate and comment on the app in the Android Market and click Submit to Portal in the upper right of this post to vote this thread to XDA front page, thanks!
*******IMPORTANT LINKS*******
Download: https://market.android.com/details?id=com.d0lph1nk1ng.syncsms
Change Log: http://dl.dropbox.com/u/2774459/changelog.txt
DEV & USER SUGGESTIONS:
===== Ready for next release =====
- None
===== Under Dev =====
- Fix API 11 error when clicking item in action bar overflow menu
- Make C2DM respect wifi-only, DNS interval, and background sync off
- Sync on power
===== Backlog =====
# Bugs
- Auto resync
- ' Help > Setup > Push (Beta)
Push notifications are only for Received messages by the phone and Composed messages by the tablet. I will not be able to support copying Sent messages from your Phone to your Tablet withing doing polling. Please star the Android defect at the link below to add your support behind this enhancement to fix the issue. Thanks!
http://code.google.com/p/android/issues/detail?id=2261
Thanks,
d0lph1nk1ng

Doesn't work at all for me. I sign in to my existing Dropbox and get the error in the screenshot.

*post deleted*

d0lph1nK1ng said:
Could you please post the Logcat?
Click to expand...
Click to collapse
How do we know you are not capturing our DropBox credentials? This looks suspicious.

nevermind about the logcat, the issue is that I need a production API key from Dropbox. i agree on your suspicion, so i have posted the app's source code to instill confidence. please know that this app is not distributable or modifiable though. thanks!

d0lph1nK1ng said:
nevermind about the logcat, the issue is that I need a production API key from Dropbox. i agree on your suspicion, so i have posted the app's source code to instill confidence. please know that this app is not distributable or modifiable though. thanks!
Click to expand...
Click to collapse
Deleted...................

keith, honestly i am an innocent dev. have i broken a rule somewhere?

d0lph1nK1ng said:
keith, honestly i am an innocent dev. have i broken a rule somewhere?
Click to expand...
Click to collapse
Prove that your app is safe to install and immediately asks for Dropbox credentials and fails.

i have posted source code to my app which clearly shows that i use the dropbox api which requires username and password for the first login, then returns an access token per user which is the only thing that is saved to the local databases see LoginTask.java and Utils.java.
the 403 error stands for unauthenticated user. this is due to my app's dropbox api token being only validated for my email address. the app will work as described after i replace my api token with a production api token.
i do not deserve to be banned at all

d0lph1nK1ng said:
i have posted source code to my app which clearly shows that i use the dropbox api which requires username and password for the first login, then returns an access token per user which is the only thing that is saved to the local databases see LoginTask.java and Utils.java.
the 403 error stands for unauthenticated user. this is due to my app's dropbox api token being only validated for my email address. the app will work as described after i replace my api token with a production api token.
i do not deserve to be banned at all
Click to expand...
Click to collapse
Maybe not but you cannot release an app that does not demonstrate that you are not phishing username/password info which your initial release does not prove.

you know, honest mistakes do /actually/ happen in the world. plus, it's not my fault that Dropbox chooses not to allow OAuth for android apps. i never /wanted/ to have to have a user enter username/password in the context of my app for exactly this reason

d0lph1nK1ng said:
you know, honest mistakes do /actually/ happen in the world. plus, it's not my fault that Dropbox chooses not to allow OAuth for android apps. i never /wanted/ to have to have a user enter username/password in the context of my app for exactly this reason
Click to expand...
Click to collapse
Yes they do and when you have a secure way to access the app, please let us know. Until then, I am not touching it and recommend that no one else touches it either.

They do not allow OAuth access forwarding from their webpage per their guidelines. For Android (non mobile-web apps), they say to do so as follows.
From Dropbox dev page:
"Authentication For mobile devices
Mobile authentication is done using a call named token that's in the Mobile API specification section. Token takes a user's username and password and returns a working access token/secret pair to your application that you can use from then on. It's a relatively simple process, but with one caveat: you cannot store the user's password in your application. You can store a username for usability purposes or in case re-authentication is needed. However, there is no reason you should store their password."
Now, I have more than explained myself extremely detailed and clearly, so please go elsewhere with your false proclamations and ignorance.

keitht said:
Maybe not but you cannot release an app that does not demonstrate that you are not phishing username/password info which your initial release does not prove.
Click to expand...
Click to collapse
You expect people to willingly enter their username and password for Dropbox in your app that returns an error of forbidden?

jeez lets just see how this app pans out. Its a good idea and I know that the op has put out other good ideas out before.
Ill keep an eye on this thread. Thanks

instead of crying about it couldnt you just make another dropbox account for this
don't use the same password you do for everything else
problem solved. case closed. stealing your passwords or not, be smart and just make another dropbox account.
btw, i get my xoom soon so ill def. be looking into this app. sounds interesting

It seems to me that posting the source is all he needs to do here, if someone wants to challenge him based on what it contains, that's a different story.
There are tons of legit apps that use Gmail and facebook credentials. Just hooking into 3rd parties doesn't automatically make one a crook.
If you are going to smear someone, at least make the effort to show some evidence, jeez.

Santoro said:
It seems to me that posting the source is all he needs to do here, if someone wants to challenge him based on what it contains, that's a different story.
There are tons of legit apps that use Gmail and facebook credentials. Just hooking into 3rd parties doesn't automatically make one a crook.
If you are going to smear someone, at least make the effort to show some evidence, jeez.
Click to expand...
Click to collapse
You are right and I am sorry for being a prick. But be careful with apps like these especially if they fail on step 1, sign into an account that fails immediately (dropbox). After thinking about this further, I should not have posted what I did and I apologize. It is not my responsibility for others security.

OP, thanks very much for your effort with this, I NEED SMS on my Xoom!!

Possible suggestion.. Maybe making a widget to turn on the syncing? That way when I am using the Xoom, just flip the widget on for both phone and xoom, set phone aside.. This way the time frame for syncing can be quicker, and when I am done on my xoom, turn the widget off, and it wont sync anymore (for the sake of battery usage).

Any way to recover phone's serial number when it's no longer in your possession

Hello,
With my former employer I had a phone that I used my Samsung account with, problem is that Samsung account is registered with the work phone number I had at the time, so I can no longer login to my account because of 2 factor authentification being enforced onto my account (without my consent).
To regain access to my Samsung account I need to have the phone's Serial Number, how can I get it? I don't have anything left from the phone, but I used it regularly with Google Account, Windows, "Your Phone" app, etc....
Can I get it through Windows registry, logs or some online webservice?
Regards,

Where it was bought... especially if it's was a carrier phone.

It was bought by the company which I no longer have contact with.

That's not data normally shared. I'm not a fan of most multitiered security as it always causes me problems.

Doesn't it show you a serial number in the phone information?
Otherwise try this app once. The serial number is also displayed under the Personal tab...
Phone INFO ★SAM★ - Apps on Google Play
All-in-one INFO and TOOLS for Samsung devices.
play.google.com

Roger.T said:
Doesn't it show you a serial number in the phone information?
Otherwise try this app once. The serial number is also displayed under the Personal tab...
Phone INFO ★SAM★ - Apps on Google Play
All-in-one INFO and TOOLS for Samsung devices.
play.google.com
Click to expand...
Click to collapse
she doesn't have the phone that she used to open the Samsung account anymore, that's how I'm reading it.

3mel said:
she doesn't have the phone that she used to open the Samsung account anymore, that's how I'm reading it.
Click to expand...
Click to collapse
Ah ok. I have probably misunderstood that...
Then I don't see any possibility...

Roger.T said:
Ah ok. I have probably misunderstood that...
Then I don't see any possibility...
Click to expand...
Click to collapse
I was gonna suggest yesterday that she bites the bullet and just rings her old employers and explains she's spent lots of money thru the account.
they'd probably say the phone has been scrapped by now, in that case back to Samsung and look for a contact us link.
she can't be the first person to face this scenario since they brought in 2FA. if she still has an email account attached that's something.

3mel said:
I was gonna suggest yesterday that she bites the bullet and just rings her old employers and explains she's spent lots of money thru the account.
they'd probably say the phone has been scrapped by now, in that case back to Samsung and look for a contact us link.
she can't be the first person to face this scenario since they brought in 2FA. if she still has an email account attached that's something.
Click to expand...
Click to collapse
Mmmmm, humble pie... or minced meat pie?

Thanks for the warm welcome!

Hello everyone! Thanks for being welcoming and I hope everyone is doing well. I signed up due to a recent event that occurred and I'm hoping to receive some assistance with finding the alleged criminals or at least retrieve my property and possibly make a few new smart friends with those that help me in the process. Thanks!

Welcome to XDA. i hope you find those criminals!
Have you tried using "Find my device" by google?

Lamntox said:
Welcome to XDA. i hope you find those criminals!
Have you tried using "Find my device" by google?
Click to expand...
Click to collapse
I have tried though I will try again. The bad thing is I'm in this phase of trying to consolidate passwords and secure all my accounts on all my devices and I forgot which passwords I used. Therefore, since all of my devices were stolen, I lost access to my gmail and google accounts and cannot seem to gain it back through their password recovery systems. Why isn't there an option to use biometrics in their forgot password section? I will head over to find my device again and see if I can get any other outcomes.

Lamntox said:
Welcome to XDA. i hope you find those criminals!
Have you tried using "Find my device" by google?
Click to expand...
Click to collapse
This has my current phone on it because I have made a new google account and logged in using the new account it but It doesn't have my previous devices. The only account I have gained access to from my old device is my samsung account.

CodeeTheHunter said:
This has my current phone on it because I have made a new google account and logged in using the new account it but It doesn't have my previous devices. The only account I have gained access to from my old device is my samsung account.
Click to expand...
Click to collapse
you could try using the samsung device locator too. make sure to put it in lost mode